Biometric data (e.g., DNA, fingerprints, retinal scans, voiceprints or other data corresponding with a physical representation of a natural person) is, and will continue to be, utilized in a variety of situations. For example, biometric research and testing has been and will likely continue to be utilized to: (a) provide greater understanding, and increase the likelihood, of curing physical challenges, (b) provide evidence supporting or undermining claims alleged in legal proceedings, (c) create greater specificity and accuracy with respect to certain archeological discoveries, and (d) using a template (e.g., a sample, abstract or other electronic or digitized system which enables sufficient parameters through an algorithmic mathematical reduction to compensate for a less than constant input or output), authenticate a natural person, such as prior to access into secure systems or facilities.
However, the increased use of biometric data has raised several privacy and ethical issues. Such issues include, without limitation: (a) using human subjects for potentially speculative results, (b) extrapolating the results of biometric testing beyond the reasonable scope of the tests, (c) establishing a framework within which to cause or increase discrimination against protected classes, and (d) using and disclosing personally identifiable information beyond the scope of any use authorized by the natural person providing the information and/or relevant privacy laws.
Some current systems use data emanating from one or a combination of the following to authenticate a natural person: (a) something the natural person knows (e.g., passwords, pass-phrases, log-on numbers), (b) something the natural person possesses (e.g., plastic ID cards, tokens), (c) a physical representation of the natural person (e.g., biometrics) and (d) a behavioral representation of the natural person (e.g., keystroke cadence). Some of the means are less reliable than others and combining various means may prove to be more reliable and provide higher certainty against any identity fraud.
Some current systems use a reversible cryptographic algorithm (e.g., encryption or encoding or other algorithm which can be reversed to the original data, such as using decryption or decoding) in association with biometric data using a template. A template is used because most biometric data changes based upon several factors, such as illness, stress, hygiene or extraction variables. For example, an authentication system may use a fingerprint of the natural person during an enrollment process to prepare a corresponding fingerprint template. Thereafter, the system may capture biometric data corresponding to the fingerprint (which is subject to collection variability or even physical changes, such as burns, blisters, scratches, or dirt, which causes the resulting data to be inconsistent as compared to earlier captured fingerprint data) and compare the captured fingerprint data to the fingerprint template in determining whether to authenticate the natural person. Depending upon the parameters (e.g., statistics, patterns or other factors) of the system and the template, the natural person identity is authenticated or rejected. The reversible cryptographic algorithm is used with the template for confidentiality purposes (e.g., while the data is in transit), but the original biometric data can be reversed and analyzed to determine whether the parameters of the system and/or the template are appropriate.
Some current systems (e.g., NT or Unix) use an irreversible cryptographic algorithm (e.g., a one-way function, such as MD-5 or other algorithm having the effect of a one-way function, such as using a reversible cryptographic algorithm and destroying the corresponding decryption key) in conjunction with password storage to authenticate the natural person, such as prior to access to a secure system. Using the irreversible cryptographic algorithm minimizes the possibility of disclosing all stored passwords should the system or password file be compromised. Furthermore, the irreversible cryptographic algorithm requires a constant input because any change in the input, such as a space, will cause a different result when processed through the irreversible cryptographic algorithm.
However, no current system, in association with a template or otherwise, utilizes the biometric data in association with the irreversible cryptographic algorithm, whether or not the biometric data is used in combination with any other means, such as a personal key.